Skip to content

Commit

Permalink
support to verify object name strictly. (#171)
Browse files Browse the repository at this point in the history
  • Loading branch information
@huiguangjun
huiguangjun authored Dec 15, 2023
1 parent 1f9ebd7 commit 5d42522
Show file tree
Hide file tree
Showing 9 changed files with 90 additions and 2 deletions.
1 change: 1 addition & 0 deletions .github/workflows/linux-clang.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ jobs:

- name: Install Dependencies
run: |
sudo apt-get update
sudo apt-get install curl libssl-dev libcurl4-openssl-dev
- name: configure cmake
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/linux-gcc.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ jobs:

- name: Install Dependencies
run: |
sudo apt-get update
sudo apt-get install curl libssl-dev libcurl4-openssl-dev
- name: checkout gcc version
Expand Down
4 changes: 4 additions & 0 deletions sdk/include/alibabacloud/oss/client/ClientConfiguration.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,10 @@ namespace OSS
* enable or disable path style, default is false.
*/
bool isPathStyle;
/**
* enable or disable verify object name strictly. defualt is true
*/
bool isVerifyObjectStrict;
};
}
}
2 changes: 1 addition & 1 deletion sdk/src/OssClientImpl.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1288,7 +1288,7 @@ GetObjectTaggingOutcome OssClientImpl::GetObjectTagging(const GetObjectTaggingRe
StringOutcome OssClientImpl::GeneratePresignedUrl(const GeneratePresignedUrlRequest &request) const
{
if (!IsValidBucketName(request.bucket_) ||
!IsValidObjectKey(request.key_)) {
!IsValidObjectKey(request.key_, configuration().isVerifyObjectStrict)) {
return StringOutcome(OssError("ValidateError", "The Bucket or Key is invalid."));
}

Expand Down
3 changes: 2 additions & 1 deletion sdk/src/client/ClientConfiguration.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,8 @@ ClientConfiguration::ClientConfiguration() :
recvRateLimiter(nullptr),
executor(nullptr),
httpClient(nullptr),
isPathStyle(false)
isPathStyle(false),
isVerifyObjectStrict(true)
{

}
Expand Down
11 changes: 11 additions & 0 deletions sdk/src/utils/Utils.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -598,6 +598,17 @@ bool AlibabaCloud::OSS::IsValidBucketName(const std::string &bucketName)
return key.size() <= ObjectNameLengthLimit;
}

bool AlibabaCloud::OSS::IsValidObjectKey(const std::string& key, bool strict)
{
if (key.empty() || !key.compare(0, 1, "\\", 1))
return false;

if (strict && !key.compare(0, 1, "?", 1))
return false;

return key.size() <= ObjectNameLengthLimit;
}

bool AlibabaCloud::OSS::IsValidLoggingPrefix(const std::string &prefix)
{
if (prefix.empty())
Expand Down
1 change: 1 addition & 0 deletions sdk/src/utils/Utils.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ namespace OSS
bool IsIp(const std::string &host);
bool IsValidBucketName(const std::string &bucketName);
bool IsValidObjectKey(const std::string &key);
bool IsValidObjectKey(const std::string& key, bool strict);
bool IsValidLoggingPrefix(const std::string &prefix);
bool IsValidChannelName(const std::string &channelName);
bool IsValidPlayListName(const std::string &playListName);
Expand Down
50 changes: 50 additions & 0 deletions test/src/Object/ObjectSignedUrlTest.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -667,6 +667,56 @@ TEST_F(ObjectSignedUrlTest, UnencodedSlashTest)
}


TEST_F(ObjectSignedUrlTest, VerifyObjctNameStrictTest)
{
std::string key = "123?";
GeneratePresignedUrlRequest request= GeneratePresignedUrlRequest(BucketName, key, Http::Put);
auto urlOutcome = Client->GeneratePresignedUrl(request);
EXPECT_EQ(urlOutcome.isSuccess(), true);
EXPECT_TRUE(urlOutcome.result().find("123%3F?") != std::string::npos);

key = "123?321";
request = GeneratePresignedUrlRequest(BucketName, key, Http::Put);
urlOutcome = Client->GeneratePresignedUrl(request);
EXPECT_EQ(urlOutcome.isSuccess(), true);
EXPECT_TRUE(urlOutcome.result().find("123%3F321?") != std::string::npos);

key = "?123";
request = GeneratePresignedUrlRequest(BucketName, key, Http::Put);
urlOutcome = Client->GeneratePresignedUrl(request);
EXPECT_EQ(urlOutcome.isSuccess(), false);
EXPECT_TRUE(urlOutcome.error().Message().find("The Bucket or Key is invalid.") != std::string::npos);

key = "?";
request = GeneratePresignedUrlRequest(BucketName, key, Http::Put);
urlOutcome = Client->GeneratePresignedUrl(request);
EXPECT_EQ(urlOutcome.isSuccess(), false);
EXPECT_TRUE(urlOutcome.error().Message().find("The Bucket or Key is invalid.") != std::string::npos);

ClientConfiguration conf;
EXPECT_TRUE(conf.isVerifyObjectStrict);
conf.isVerifyObjectStrict = false;
auto c = std::make_shared<OssClient>(Config::Endpoint, Config::AccessKeyId, Config::AccessKeySecret, conf);

key = "123?321";
request = GeneratePresignedUrlRequest(BucketName, key, Http::Put);
urlOutcome = c->GeneratePresignedUrl(request);
EXPECT_EQ(urlOutcome.isSuccess(), true);
EXPECT_TRUE(urlOutcome.result().find("/123%3F321?") != std::string::npos);

key = "?123";
request = GeneratePresignedUrlRequest(BucketName, key, Http::Put);
urlOutcome = c->GeneratePresignedUrl(request);
EXPECT_EQ(urlOutcome.isSuccess(), true);
EXPECT_TRUE(urlOutcome.result().find("/%3F123") != std::string::npos);

key = "?";
request = GeneratePresignedUrlRequest(BucketName, key, Http::Put);
urlOutcome = c->GeneratePresignedUrl(request);
EXPECT_EQ(urlOutcome.isSuccess(), true);
EXPECT_TRUE(urlOutcome.result().find("/%3F?") != std::string::npos);
}


}
}
19 changes: 19 additions & 0 deletions test/src/Other/UtilsFunctionTest.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1069,5 +1069,24 @@ TEST_F(UtilsFunctionTest, IsValidEndpointTest)
EXPECT_EQ(IsValidEndpoint(""), false);
}

TEST_F(UtilsFunctionTest, IsValidObjectKeyTest)
{
EXPECT_EQ(IsValidObjectKey("123"), true);
EXPECT_EQ(IsValidObjectKey(""), false);

EXPECT_EQ(IsValidObjectKey("123", true), true);
EXPECT_EQ(IsValidObjectKey("", true), false);

EXPECT_EQ(IsValidObjectKey("?123", true), false);
EXPECT_EQ(IsValidObjectKey("?", true), false);
EXPECT_EQ(IsValidObjectKey("1?23", true), true);
EXPECT_EQ(IsValidObjectKey(" ?", true), true);

EXPECT_EQ(IsValidObjectKey("?123", false), true);
EXPECT_EQ(IsValidObjectKey("?", false), true);
EXPECT_EQ(IsValidObjectKey("123?", false), true);
EXPECT_EQ(IsValidObjectKey(" ?", false), true);
}

}
}

0 comments on commit 5d42522

Please sign in to comment.